Amendment of the Claims 



This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently Amended) A method for an intermediary selectively coupling an external 
network and an internal network to dynamically generate filter rules to facilitate establishing 
an end to end secure session connection between a first device on the internal network and a 
second device of the external network, the method comprising: 

receiving a secure session establishment request by the second device on the external 
network to establish a secure communication session with the first device on the internal 
network; 

forwarding the secure session establishment request to the first device; 

monitoring the internal network to detect an approval or disapproval acknowledgement by the first device for the secure session establishment request; 

if an approval authentication acknowledgement is monitored, then configuring a first filter rule of the intermediary to allow communication between the first and second devices through the intermediary; 

receiving network traffic from the second device corresponding to a previous secure communication session established when the second device was previously on the internal network; and 

responding to said network traffic with an error such that the second device attempts to re-establish a secure communication session from the external network. 

2. (Original) The method of claim 1, further comprising: 

determining a presence advertisement for the first device has been received before 
forwarding the secure session establishment request to the first device. 

3. (Original) The method of claim 2 wherein the presence advertisement is delivered in 
accordance with the UPnP Simple Service Discovery Protocol (SSDP). 

4. (Original) The method of claim 1, further comprising: 

receiving network traffic from the second device corresponding to the second device 
requesting a UPnP Device Description Document from the first device. 

5. (Original) The method of claim 1, further comprising: 

receiving a service request from the second device for the first device, the service 
request having an associated communication port for performing the service; 

determining the service request identifies a service advertised by the first device in a 
device description document; and 

configuring a second filter rule to allow communication between the first device and 
the second device using the associated communication port. 

6. (Original) The method of claim 1, further comprising: 

providing the second device with an indicia for use by the second device in 
establishing a communication link to the first device. 

7. (Original) The method of claim 6, wherein the indicia is a selected one of a globally 
routable Internet Protocol (IP) address, or an internal network address non-routable on the 
external network. 

8. (Original) The method of claim 1, wherein communication within the internal network is 
in accord with an IPv6 compatible Internet Protocol (IP). 

9. (Original) The method of claim 1, further comprising: 

retrieving an Access Control List (ACL) from the first device, the ACL including an 
identification of devices authorized to establish communication sessions; and 

determining based at least in part on the ACL the second device is authorized to 
establish the secure communication session with the first device before forwarding the secure 
session establishment request to the first device. 
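Added example, not text from the claims or any product: a minimal model of the intermediary's filter-rule behaviour described in claims 1, 5, 9 and 13-14 (ACL check before forwarding, a first rule driven by the monitored approval or disapproval acknowledgement, a second rule only for an advertised service and port, and an error for traffic on a session set up while the second device was still internal). All names, message shapes and return strings are assumptions for illustration.

```python
# Added example (not from the claims or any implementation): a minimal model of the
# intermediary's filter-rule logic from claims 1, 5, 9 and 13-14. Names are assumed.
from dataclasses import dataclass, field

@dataclass
class Intermediary:
    acl: dict = field(default_factory=dict)    # first device -> devices it authorizes (claim 9)
    rules: set = field(default_factory=set)    # (first, second, port) tuples currently allowed
    pending: set = field(default_factory=set)  # (first, second) awaiting the first device's ack
    stale: set = field(default_factory=set)    # session ids set up while the second device was internal

    def handle_session_request(self, second, first):
        """Claim 1 steps 1-2 with the claim 9 ACL check before forwarding."""
        if second not in self.acl.get(first, set()):
            return "dropped: not in ACL"
        self.pending.add((first, second))
        return "forwarded to first device"

    def observe_ack(self, first, second, approved):
        """Claim 1 steps 3-4 (and claims 13-14): turn the monitored ack into a filter rule."""
        if (first, second) not in self.pending:
            return "ignored: no pending request"
        self.pending.discard((first, second))
        if approved:
            self.rules.add((first, second, "session"))
            return "allow rule configured"
        return "blocked"  # claim 14: a disapproval leaves no allow rule, so traffic is blocked

    def handle_service_request(self, second, first, service, port, description_doc):
        """Claim 5: a second rule only for a service the device description advertises."""
        if (first, second, "session") not in self.rules:
            return "dropped: no approved session"
        if description_doc.get(service) != port:
            return "dropped: service not advertised on that port"
        self.rules.add((first, second, port))
        return f"allow rule configured for port {port}"

    def handle_traffic(self, second, first, session_id, port="session"):
        """Claim 1 last two steps: traffic on a session from the internal era gets an error."""
        if session_id in self.stale:
            return "error: re-establish session from external network"
        return "pass" if (first, second, port) in self.rules else "dropped: no rule"
```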

10. (Cancelled) 

11. (Original) The method of claim 1, further comprising: 

establishing the end to end secure session connection between the first device on the 
internal network and the second device of the external network in a single end to end secure 
session connection between said first and second devices. 

12. (Currently Amended) A method for a second device communicating with a first device on an internal network by way of an intermediary selectively coupling an external network and the internal network, comprising: 

receiving, by the second device while on the internal network, a presence 
advertisement for the first device; 

storing, by the second device while on the internal network, a network address 
associated with the first device; 

determining, by the second device while on the internal network, services offered by 
the first device; and 

issuing, by the second device while on the external network, a secure communication initiation request to the first device via the intermediary. 

13. (Currently Amended) The method of claim 12, wherein the intermediary is configured to: 

forward the request to the first device; 

monitor for an approval or disapproval authentication acknowledgement to the 
request; and 

configure a filter of the intermediary to allow communication with the first device if 
an approval authentication acknowledgement is received. 

14. (Currently Amended) The method of claim 13, wherein the intermediary is further configured to configure the filter to block communication with the first device if a disapproval authentication acknowledgement is received. 

15. (Cancelled) 

16. (Currently Amended) The method of claim 12, further comprising requesting, by the second device while on the internal network, a description of services offered by the first device. 

17. (Original) The method of claim 16, wherein the description of services is requested from 
the intermediary. 

18. (Currently Amended) The method of claim 12, further comprising requesting, by the second device while on the external network, a description of services offered by the first device. 

19. (Original) The method of claim 18, wherein the description of services is requested from 
the intermediary. 

20. (Currently Amended) The method of claim 12, further comprising: 

receiving, by the second device while on the external network, an approval authentication acknowledgement to the request; and 



device while on the external network, a service of the first device. 

21. (Original) The method of claim 12, wherein the network address associated with the first 
device is a globally unique network address having an address portion identifying the 
intermediary. 

22. (Currently Amended) The method of claim 12, wherein the second device is a traveling control point. 

23. (Original) A system of devices communicatively coupled with an internal network and an 
external network via a gateway, comprising: 

a first device, communicatively coupled to the internal network, offering services; 

a second device selectively coupled with the internal and external networks, the 
second device seeking a service of the first device, wherein when requesting the service, said 
requesting includes sending a secure communication initiation request to the first device to 
facilitate establishing a secure communication session with the first device; and 

an intermediary selectively communicatively coupling the first and second devices, 
wherein the intermediary is configured to receive a secure communication initiation request 
from the second device over the external network and forward the request to the first device. 

24. (Original) The system of claim 23, wherein the intermediary is further configured to 
monitor the first device for an approval or disapproval authentication acknowledgement for 
the request, and to configure a filter of the intermediary controlling communication over the 
first network from the first device based at least in part on a monitored authentication 
acknowledgement. 

25. (Original) The system of claim 23, wherein the first device communicates with the 
second device in accord with the UPnP Security Protocol. 

26. (Original) The system of claim 23, wherein the secure communication initiation request 
corresponds to a UPnP Set Session Key (SSK) request. 

27. (Currently Amended) An article of manufacture comprising: 

a storage medium; and 

a plurality of programming instructions configured to enable a machine as an intermediary selectively coupling an external network and an internal network to dynamically generate filter rules to facilitate establishing an end to end secure session connection between a first device on the internal network and a second device of the external network to: 

receive a secure session establishment request by a second device on the external network to establish a secure communication session with a first device on the internal network; 

forward the secure session establishment request to the first device; 

monitor the internal network to detect an approval or disapproval acknowledgement by the first device for the secure session establishment request; 

if an approval authentication acknowledgement is monitored, then configure a first filter rule of the intermediary to allow communication between the first and second devices through the intermediary; 

receive network traffic from the second device corresponding to a previous secure communication session established when the second device was previously on the internal network; and 

respond to said network traffic with an error such that the second device attempts to re-establish a secure communication session from the external network. 

28. (Currently Amended) The article of manufacture of claim 27, wherein the programming instructions are further configured to enable the machine to: 

determine a presence advertisement for the first device has been received before forwarding the secure session establishment request to the first device. 

29. (Currently Amended) The article of manufacture of claim 27, wherein the programming instructions are further configured to enable the machine to: 

receive a service request from the second device for the first device, the service request having an associated communication port for performing the service; 

determine the service request identifies a service advertised by the first device in a device description document; and 

configure a second filter rule to allow communication between the first device and the second device using the associated communication port. 



30. (Currently Amended) The article of manufacture of claim 27, wherein the programming instructions are further configured to enable the machine to: 

provide the second device with an indicia for use by the second device in establishing a communication link to the first device. 

31. (Currently Amended) The article of manufacture of claim 27, wherein the programming instructions are further configured to enable the machine to: 

retrieve an Access Control List (ACL) from the first device, the ACL including an identification of devices authorized to establish communication sessions; and 

determine based at least in part on the ACL the second device is authorized to establish the secure communication session with the first device before forwarding the secure session establishment request to the first device. 

32. (Currently Amended) An article of manufacture comprising: 

a storage medium, and 

a plurality of programming instructions stored on the storage medium and configured to enable a machine as a second device to communicate with a first device on an internal network by way of an intermediary selectively coupling an external network and the internal network to: 

receive, by the second device while on the internal network, a presence advertisement for the first device; 

store, by the second device while on the internal network, a network address associated with the first device; 

determine, by the second device while on the internal network, services offered by the first device; and 

issue, by the second device while on the external network, a secure communication initiation request to the first device via the intermediary. 

33. (Cancelled) 

34. (Currently Amended) The article of claim 32, wherein the programming instructions are further configured to enable the machine as the second device to request, by the second device while on the internal network, a description of services offered by the first device. 

35. (Currently Amended) The article of claim 32, wherein the programming instructions are further configured to enable the machine as the second device to request, by the second device while on the external network, a description of services offered by the first device. 

36.-37. (Cancelled) 